AKA is based on challenge-response mechanisms and symmetric cryptography and in UMTS is as set out in 3GPP (Third Generation Partnership Program) TS (Technical Specification) 33.102 V3.6.0: “Technical Specification Group Services and System Aspects; 3G Security; Security Architecture (Release 1999),” 3rd Generation Partnership Project, November 2000. AKA typically runs in a UMTS Subscriber Identity Module (USIM), a smart card-like device. However, the applicability of AKA is not limited to client devices with smart cards; e.g. AKA mechanisms can also be implemented in host software. AKA also provides backward compatibility to the GSM authentication mechanism set out in GSM 03.20 (ETS 300 534): “Digital cellular telecommunication system (Phase 2); Security related network functions,” European Telecommunications Standards, Institute, August 1997. Compared to the GSM mechanism, AKA provides substantially longer key lengths and also authentication of the server side (as well as the client side)
In order for a client device, such as a wireless terminal (more specifically such as a mobile station), to use the services provided by a server, such as a server in a communication system provided and managed by an operator (or indeed the services of a server of any kind of network, including e.g. the Internet), the terminal or the user must in some cases (for some networks and for some services of those networks) authenticate itself to the server and vice versa (the latter at least in some networks, notably UMTS), i.e. each must prove to the other it is who it claims to be. On dial-up networks, wireless LANs, wired LAN networks, and various Digital Subscriber Line (XDSL) networks, the operator of the network typically uses what is often called an AAA (Authentication, Authorization and Accounting) server to authenticate a client, and to authenticate the server of the operator network to which the client has directed a request for services (or to authenticate the operator network irrespective of any particular server). An AAA server may be responsible for storing shared secrets and other credential information necessary for the authentication of users (terminals with components specific to a particular user and so identifying the user), or an AAA server may use a separate user database server for storing the credential information. The Extensible Authentication Protocol (EAP) is often used on networks that employ AAA servers for authentication between an AAA server and a terminal. If the operator of the network is a cellular operator of a UMTS or GSM networks, the EAP method may encapsulate enhanced GSM authentication and key agreement, as in EAP SIM, or enhanced UMTS authentication and key agreement, as in EAP AKA. The terminal exchanges authentication packets with an attendant device on the local network. The attendant device is different on different types of networks, but it may be for example a wireless LAN access point, an Ethernet switch or a dial-up Network Access Server (NAS). The attendant device usually operates as what is called an AAA client, and the AAA client and the AAA server carry out the authentication using what is called an AAA protocol.
In the beginning of a communication session that is established with EAP SIM or EAP AKA, the terminal and the AAA server carry out what is here called full authentication, i.e. authentication starting from a state in which neither the terminal nor the AAA server has any basis for authenticating the other.
After full authentication is established, it may be that after some predetermined time or in the event of some other condition being met, reauthentication is required to reduce the chance that a “bad guy” has either begun masquerading as the originally authenticated entity using some other device (a server device or a client device), or has even somehow gained physical control of the originally authenticated device (e.g. a user left an authenticated terminal on and walked away) and has begun sending requests. A reauthentication may also be required in order to ascertain that the terminal is still using the network resources, as claimed by accounting messages sent by the local network. Also, a reauthentication may be used in order to negotiate new security keys in cases where the lifetime of the keys is limited due to security reasons. Reauthentication is identical in EAP SIM (for GSM) and EAP AKA (for UMTS).
The prior art of EAP SIM and EAP AKA protocols provides for reauthentication, making use of separate reauthentication user identities delivered from the AAA server to the terminal being reauthenticated. Reauthentication is based on session keys and other context information established during full authentication.
An operator may deploy in a network several AAA servers for load balancing and other reasons. Because an AAA server can be selected at random for authenticating a terminal, or can be selected by some predetermined mechanism such as a round-robin mechanism, a terminal (user) may not always authenticate with the same AAA server. In such a network, reauthentication becomes a problem in that the context information is only stored in the AAA server that performed the full authentication. Since reauthentication assumes the availability of some information provided during full authentication, it will not work (i.e. it cannot be performed) if a terminal's AAA request for reauthentication is relayed to a different AAA server than the AAA server that performed the full authentication.
Thus, what is needed is a way for reauthentication to work in networks where a request for reauthentication might be relayed to an AAA server other than the AAA server that performed the full authentication.